unknown rootkit/trojan; bad pool caller message [RESOLVED]
joclyn
post Sep 27 2008, 10:19 PM
Post #1


Member
**
Posts: 43
From: philly
OS: xp



a few days ago, i turned on the computer and got that 'lovely' blue screen with the message

BAD_POOL_CALLER
0x000000ca (0x00000007, 0x00000cd4, 0x00000001, 0x83281028)

i ran hjt and didn't see anything obviously suspicious. i ran rootkit revealer and that found something. spybot found nothing (and, when i downloaded updates, it went up to version 1.6.0) and neither did anything else that i could run (outdated stuff and/or online scans - i also didn't mess with much because i can see that this is bad and that i'd need some help). in task manager, i'm only seeing one iexplorer process running - even if i have more than one browser window open.

the day before the blue screen, i did see the animated hourglass run - i was in the middle of reading a post on a forum; so no reason for it. thought it odd as i hadn't instigated anything to run - didn't do anything other than make note of it at the time. i've seen that a few times since the blue screen, too. the first time it happened, i was looking at a proboards site; the other times it was other sites - some proboard and some php.

i'm also seeing za pop-ups about adobe - at times when i really don't think there should be something like that. what i mean is that i'm not trying to open a pdf file, just opening a webpage. they've been happening for a while on a very intermittent basis (don't know if they mean anything or not).

i was in the process of getting all the windows updates done (i'm very behind) and got sidetracked/no time, so i'm still not up to service pack 3. other than a few windows updates a couple weeks ago, i have not put on any new software recently. other than the spybot upgrading itself, that is.

so, it's a win xp, sp2 machine with ie6.

logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:50 PM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\AOL\1195531616\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>;localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1195531616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: *.verizon.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://public.mapping.floridadisaster.org/...ds/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190516263968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190516243734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://games.bigfishgames.com/en_zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab55579.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: AAOOPAYRS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jo\LOCALS~1\Temp\AAOOPAYRS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CHAP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CHAP.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GSMYKNE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GSMYKNE.exe
O23 - Service: LPGCRFMTX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LPGCRFMTX.exe
O23 - Service: MDZNUTIAMYFK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MDZNUTIAMYFK.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PDP.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XVGSCNDRR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jo\LOCALS~1\Temp\XVGSCNDRR.exe

--
End of file - 10831 bytes


Rootkit Revealer log:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 9/5/2004 6:10 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Messenger\j\SharingMetadata\\DFSR\Staging\CS{16671139-0B0C-163B-7C8C-93795E5CAE3A}\01\34-{16671139-0B0C-163B-7C8C-93795E5CAE3A}-v1-{CA6CA80 9/29/2007 1:05 AM 8 bytes Hidden from Windows API.
C:\Documents and Settings\jo\Local Settings\Temp\~DF3B3D.tmp 9/24/2008 2:17 AM 112.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\jo\Local Settings\Temp\~DF3B4E.tmp 9/24/2008 2:17 AM 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\jo\Local Settings\Temp\~DF9F6A.tmp 9/24/2008 2:29 AM 112.00 KB Hidden from Windows API.
C:\Documents and Settings\jo\Local Settings\Temp\~DF9FA7.tmp 9/24/2008 2:29 AM 512 bytes Hidden from Windows API.
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP234\A0091875.RDB 9/24/2008 2:18 AM 1.90 MB Hidden from Windows API.
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP234\A0091876.RDB 9/24/2008 2:24 AM 1.90 MB Hidden from Windows API.

as i'm proofing my message, i'm seeing this window refreshing and the scrollbar keeps moving and it seems like it's repaging itself...is that supposed to be happening??

any help is very, very much appreciated!! if you need any other info, just let me know.

THANKS!!
Reason for edit: removed email
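
A triage pass over the autostart (O4) and service (O23) lines of a HijackThis log like the one posted above, flagging entries whose binary sits in a Temp directory, including 8.3 short names such as LOCALS~1\Temp. This is an added example, not part of the original post and not HijackThis code; the function names are hypothetical, one sample line is constructed, and a hit marks an entry for review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log in the post above, plus one constructed
# O4 line (the "[example]" entry) to exercise the quoted-path case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [example] "C:\Documents and Settings\user\Local Settings\Temp\example.exe" /s
O23 - Service: AAOOPAYRS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jo\LOCALS~1\Temp\AAOOPAYRS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CHAP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CHAP.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Only the entry types that start code automatically are examined here.
ENTRY_RE = re.compile(r"^(O4|O23) - (.*)$")
# A drive-rooted path runs until a quote or a character that is illegal in a path.
# Splitting on " - " would break on folders such as "Spybot - Search & Destroy".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+')
O4_NAME_RE = re.compile(r"\[([^\]]*)\]")


class Finding(NamedTuple):
    code: str   # HijackThis section code, "O4" or "O23"
    name: str   # Run value name or service name
    path: str   # drive-rooted path found in the entry


def entry_name(code: str, body: str) -> str:
    """Return the service name (O23) or the Run value name (O4)."""
    if code == "O23":
        # Layout: "Service: <name> - <vendor> - <path>"; the vendor part may
        # itself contain " - ", so only the first separator is trusted.
        rest = body[len("Service: "):] if body.startswith("Service: ") else body
        return rest.split(" - ", 1)[0]
    match = O4_NAME_RE.search(body)
    return match.group(1) if match else ""


def in_temp_dir(path: str) -> bool:
    """True if any directory component is a temp folder (long or 8.3 name)."""
    # Drop the drive ("C:") and the file name; compare case-insensitively.
    dirs = [part.lower() for part in path.split("\\")[1:-1]]
    # "tempor" covers "Temporary Internet Files" and its short form TEMPOR~1.
    return any(d in ("temp", "tmp") or d.startswith("tempor") for d in dirs)


def flag_temp_autostarts(log_text: str) -> List[Finding]:
    """Return O4/O23 entries that launch a binary from a Temp directory."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        for path in PATH_RE.findall(body):
            if in_temp_dir(path):
                findings.append(Finding(code, entry_name(code, body), path.strip()))
                break  # one finding per log line is enough
    return findings


if __name__ == "__main__":
    for finding in flag_temp_autostarts(SAMPLE_LOG):
        print(f"{finding.code}  {finding.name:<12} {finding.path}")
```

Entries given without a full path, such as `nwiz.exe /install`, are skipped by this check because there is no directory to test.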
emeraldnzl
post Oct 3 2008, 07:24 PM
Post #2


Trusted Helper
Posts: 2,352
OS: XP Pro



Hello joclyn,

Sorry for the delay.

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall. Please allow it to do so; it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

joclyn
post Oct 3 2008, 10:05 PM
Post #3


Member
**
Posts: 43
From: philly
OS: xp



k. downloaded and ran the program. when it loaded all three options had checkmarks on them, so, i removed the last one about 'online analysis' and clicked 'scan computer' button (it did not say 'start full scan' ). i did see an option to check for updates - did not do that as you didn't say to. i saved the .run file with the name you wanted and modified the log file with the date.

okay.

opened the run file and it's not a log-type file. looks like a program interface and i was expecting the usual log format, so i'm confused and not sure if i did something wrong even with your very clear instructions :)

let me know if i need to re-run it!!

thanks for the assist!!!
Attached File(s)
Attached File  selectaname.run ( 188.35K ) Number of downloads: 1
 
emeraldnzl
post Oct 4 2008, 01:14 AM
Post #4


Trusted Helper
Posts: 2,352
OS: XP Pro



Hi joclyn,

Download the attachment at the end of this post (this will be your runscanner file fixed by me).

  • Save it to your desktop, then double click the runscanner icon; this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC

Next

Your Java is out of date; older versions are vulnerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

-----Step 2-----

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html

Now

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Finally in this post

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.

Copy and paste that information in your next post.

So when you return please post
  • Malwarebytes log
  • Kaspersky scan results

Attached File  joclynfix.run ( 189.12K ) Number of downloads: 2
joclyn
post Oct 4 2008, 12:11 PM
Post #5


Member
**
Posts: 43
From: philly
OS: xp



here are the two logs:

Malwarebytes' Anti-Malware 1.28
Database version: 1227
Windows 5.1.2600 Service Pack 2

10/4/2008 5:00:30 AM
mbam-log-2008-10-04 (05-00-30).txt

Scan type: Quick Scan
Objects scanned: 64162
Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 04, 2008 08:31:00
Records in database: 1288550
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 158889
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 03:12:51


File name / Threat name / Threats count
C:\Documents and Settings\jo\Desktop\computer programs\Comp Maintenance\scanspyware\ss_install.exe Infected: not-a-virus:FraudTool.Win32.Devushka.b 1
C:\Documents and Settings\jo\Desktop\hijack this\backups\backup-20080923-232448-627.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1
C:\Program Files\Comcast Play Games\Azada\Launch.exe Infected: Trojan.Win32.Inject.fpq 1
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1

The selected area was scanned.

i updated the adobe. i rarely use it at home so never thought to update it...i'll make sure i do in the future, though :). and i updated the java - again, that's not used that often either (that i'm aware of), i'll keep an eye on it though. i didn't realize that either one being outdated would cause a vulnerability.

i went into add/remove and got rid of the azada program (so nice of comcast to provide the 'extra' item in the s/w! ). i'd previously removed trojanhunter; yet it still shows in add/remove - if i click on it it attempts to install itself (because it had previously been uninstalled).

i also see two entries for spybot - one has the version listed and the newer one that i just upgraded to doesn't say which version. can i safely remove the old one or will removing it affect the newer installation? i thought that it had gone through and removed old versions when it upgraded...maybe it just needs to be removed from the add/remove listing? i know that can be done; i can't remember how to do it though.

is there anything else (any other scans) that needs to be done?

THANKS!!
joclyn
post Oct 4 2008, 12:19 PM
Post #6


Member
**
Posts: 43
From: philly
OS: xp



i just saw something in the add/remove list that's weird!

it's the very first item. program name shows just the digit 1. no name for what the software is. how do we find out what it is?? highlighting it doesn't give any info either. took a screenie for ya.
Attached thumbnail(s)
Attached Image
 
emeraldnzl
post Oct 4 2008, 02:13 PM
Post #7


Trusted Helper
Posts: 2,352
OS: XP Pro



Hello joclyn,

That Kaspersky scan has found a couple of things that make me suspect there might be some more there.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix.

Included in the tutorial are instructions for the installation of a recovery program if you don't already have it - Windows XP Recovery Console.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

When you reboot your computer after installation, you will see the additional option for the Recovery Console present. Don't select Recovery Console as we don't need it. It is only there for emergency recovery use. By default, your main OS is selected here. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Once you have completed installation of the Recovery Console:

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
joclyn
post Oct 4 2008, 05:34 PM
Post #8


Member
**
Posts: 43
From: philly
OS: xp



hi, i'm back :)

here are the two logs you wanted:



ComboFix 08-10-04.01 - jo 2008-10-04 17:21:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.225 [GMT -4:00]
Running from: C:\Documents and Settings\jo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jo\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jo\Cookies\jo@ehg.allstate[1].txt
C:\Documents and Settings\jo\Cookies\jo@msn[2].txt
C:\Documents and Settings\jo\Cookies\jo@photobucket[2].txt
C:\Documents and Settings\jo\Cookies\jo@visit.kodak[1].txt
C:\Documents and Settings\jo\Local Settings\Temporary Internet Files\temp.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\activextest.bat
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01B.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM02.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM03.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ANYLOOP.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BONUS100.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSCENERY01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSWEET01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUTTONCLICK.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_CASCADEGOOD.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_COMBOGOOD.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FAILED.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FIREWOOSH01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY02.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KEYSTROKE.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_LAUNCHERDOWN.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_POP01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PRODUCTION01.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUREWIND.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERBONUS.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERPOP.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGEND.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGLOOP.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGSTART.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHERBETDONE.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHUFFLE.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKEREND.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERLOOP.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERSTART.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SWAP.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_TRANSITION.ogg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\arcadepanel.png
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\dialog.png
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\fullscreendialoglocal.jpg
C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\infodialog.png